Privacy Policy
Privacy Policy updated 22.12.2023
1. Data protection principles
The EU Data Protection Regulation (GDPR) has been applied since 25th of May 2018. The regulation applies to companies in the EU as well as those companies outside the EU that offer their services to consumers and companies in the EU area. Protecting the privacy of our customers is of the utmost importance to us at Blink Helsinki ("Blink"), and that is why we are committed to complying with the legislation applicable to the processing of personal data.
This privacy policy informs you about the ways in which we protect privacy and process personal data. When processing our customers' personal data, Blink complies with the Finnish legislation, regulations and instructions issued by the authorities. The privacy policy is applied when you use our products and services or visit our website.
This privacy statement does not apply to links to third-party websites and/or services, such as third-party applications (for example Facebook), which you may encounter while using our service.
We keep the privacy statement updated when the legislation or our operations change. We encourage you to regularly check the latest version of the privacy statement on our website.
2. Contact information of the register controller
Blink Helsinki (VAT number: FI05909491)
Contact person:
CEO Antti Tolonen
antti@blinkhelsinki.fi
+358 50 3480 347
3. The personal data and the data sources we process
We process two types of data concerning you, (i) user data and (ii) technical data.
Although we do not normally use technical data to identify individuals, individuals may be identifiable from it, either by itself or when combined with certain user data. In such situations, technical data can also be considered personal data in the sense of the applicable laws. We treat combined data as personal data.
(i) User information
We collect and process the following user data we receive from you:- Name of the customer's employer company, contact person's first and last name, work address, work email address, telephone number and title;
- Consent or prohibition or other information related to direct marketing;
- Other information provided by the customer or added to the CRM system (for example, expressed interest in certain types of services);
- Classification information provided by visitors themselves (for example, interests) or other information provided by the customer or added to the CRM system (for example, demonstrated interest in certain types of services);
- Personal data entered through website forms;
- Customer feedback information;
- Order, billing and delivery information.
Regarding personnel and job seekers, we mainly process information received from the person themselves and other information generated during the employment relationship:
- Basic information of the employee or applicant;
- The job applicant's curriculum vitae, application and reference information obtained with the applicant's consent;
- Information required for salary payment;
- Information necessary to fulfill the obligations and rights related to the employment relationship;
- Certain information considered to be sensitive by the employee (for example trade union membership and health information), but exclusively to fulfill the employer's statutory obligations.
- With your express consent, we may also collect and process other personal data.
(ii) Technical Data
The service may automatically collect the following technical information about you:
- The log technology used in the service automatically collects the website address from which you reached the service. We also collect the IP address of the device you use to access the service, information related to your device's operating system, and the name of your internet service provider.
- We may place a cookie on the hard drive of the device you use to access the service. Cookies are text files that are saved on your device's hard drive through your browser and enable your browser to be recognized to store your preferences and to direct relevant content to you. Most of the available browsers allow the user to manage cookies, for example by turning them off completely, accepting each cookie separately, and deleting saved cookies from your hard drive. However, we would like to remind you that if you completely disable cookies, you may not be able to use some features of the service.
- Google Analytics is part of the service. By using cookies, Google Analytics collects and stores information such as the time of your visit, the pages visited, the time spent on each page, the IP address and the type of operating system used on the device used to access the Service. To learn more about Google Analytics, visit the Google Analytics website. You can refuse the collection of data by Google Analytics by downloading the following add-on to your browser: Google Analytics opt-out add-on.
- HubSpot is part of the service. By using cookies, HubSpot collects and stores information such as time of your visit, pages visited, time spent on each page, IP address and possible form submissions. In addition, information may be collected about email communication between the user and Blink.
- Fullstory is part of the service. By using cookies, Fullstory collects anonymous information about the user's behaviour on the site, such as the time of the visit, the pages visited, the time spent on each page, mouse cursor movements and clicks.
We use Leadoo user tracking to monitor how our users move around our website, and connect this data to the information of the user, which is collected through e.g. chat interactions. Leadoo uses etag tracking which technically differs from cookie-based tracking, but is subject to the same laws as cookies. Check Leadoo Marketing Technologies Oy's Privacy Policy (https://leadoo.com/privacy-policy/) to know more about what is tracked in the system.
With GDPR in mind, we act as a controller and Leadoo as a data processor. If you do not want to be tracked, you can clear your browser's cache. For more information on how Leadoo works, check https://leadoo.com/privacy-policy-processor
We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO. We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns. We host our solution on Microsoft Azure in Germany, and the data is stored for 14/25 months. The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR. Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.
4. Purpose and basis of personal data processing
We make sure to always have a legal basis for processing your personal data. We may process data on several different grounds, but we make sure that we always have at least one processing condition defined by law.
Blink processes personal data for several purposes:
To provide and develop our service
We process personal data to provide services to our customers and to conduct, maintain and develop our business. Personal data can be used to fulfill our contractual obligations towards the customer. We also process the personal data you provide to develop our services by analysing the features and functions of the service you use and by analysing the areas of the service you visit.
For customer communication and marketing
We may process personal data in order to contact our customers in matters related to our services and to notify customers of changes to the services, to process and collect customer feedback, and to market our services. We can send you newsletters regarding our services along with other direct marketing. The registered user always has the right to prohibit us from using personal data for direct marketing, market research or profiling by contacting us in accordance with the contact information indicated above or by using the option to cancel the order offered in connection with direct marketing messages.
Visitor analytics and trend identification
We may process information about the use of our services in order to improve the quality of the said services, for example by analysing various trends and developments related to them. To the possible extent, we use anonymized or pseudonymized information for this purpose, from which individuals cannot be identified.
Basis of processing
We process personal data based on our legitimate interest to conduct, maintain and develop our business, and to create and maintain customer relationships. When we process your personal data based on our legitimate interest, we weigh the interests against your right to privacy. In addition, we process personal data to fulfill our statutory obligations, such as for example, the documentation obligations imposed on us by the Accounting Act. In some situations, we may ask for consent to process personal data. In these cases, the consent given can be withdrawn at any time.
5. Data recipients
We do not sell, rent or otherwise disclose personal information to third parties, unless otherwise stated below. We only share personal data within Blink's organisation if and only to the extent necessary to perform and develop our services. We do not disclose personal data to third parties outside the Blink organisation, unless one of the following situations applies:
For legal reasons
We may disclose personal information to third parties outside of our organisation if access to personal information is reasonably necessary to (i) comply with applicable law, regulation or court order; (ii) to detect, prevent or otherwise deal with fraud or information security or technical problems; or (iii) to protect or ensure the safety of Blink's or users' property, or to ensure the purposes required by the public interest in accordance with legislation. We will inform you about such transfer and processing, if possible.
For authorised service providers
We may hand over personal data to authorised service providers who perform services for us. Our agreements with our service providers contain commitments according to which the service providers undertake to limit the use of personal data and to comply with at least the privacy and data security standards in accordance with this privacy statement.
For other legitimate reasons
If Blink is a party to a merging, business transaction or other company transaction, we may disclose personal data to a third party involved in that transaction. In this case however, we ensure that all personal data remains confidential. We will inform users who are affected by the transfer of personal data or whose processing of personal data will be transferred under another privacy policy of the transaction as soon as is reasonably possible.
With your expressed consent
We may disclose personal data to third parties outside the Blink organisation for reasons other than those mentioned above, when we have your express consent. You have the right to withdraw such consent at any time. In addition, we can hand over information to third parties in such a form that the information does not become personal information and it is not possible to identify users from it.
6. Data transfers to countries outside the European Economic Area
We store your personal data primarily in the European Economic Area. However, our service providers operate in several geographical locations. Together with our service providers, we can transfer personal data to countries, or get access to them in countries outside the European Economic Area or your country of residence.
We take measures to ensure that your personal data receives an adequate level of protection in the jurisdictions where your personal data is processed. We arrange adequate protection for the transfer of personal data to countries outside the European Economic Area with agreements based on Model Contract Clauses approved by the European Commission or other similar agreements concluded with our service providers.
You can request additional information regarding transfers of personal data by contacting us using the contact information mentioned above.
7. Storing and securing personal data
We only keep your personal data for as long as the legislation requires or as long as it is necessary to fulfill the purposes identified above. We do not retain outdated or unnecessary information. We try to ensure that personal data and other customer data are up to date. Your data is mainly stored in electronic form on our service provider's servers, which are protected in accordance with the general practices of the industry.
The personal information we collect and process is kept confidential and is not disclosed to anyone other than those who need it in their work, or to our contractual partners, such as our subcontractors, on a confidential and limited basis based on agreements. Access to your personal data is limited and protected with user-specific codes, passwords and access rights. Our premises are locked and secured.
We report data security breaches to the Finnish Communications Regulatory Authority within 72 hours. We will personally notify the persons who have been the target of a possible critical data security breach.
8. Your Rights
You have the right to the following measures regarding your personal data. We process all requests for action within a reasonable time.
The right to access information
You have the right to access your personal data that we process. If you wish, you can contact us to find out what personal data about you we have collected and processed, and for what purpose this data is used.
The right to demand correction of information
You have the right to have your incorrect, inaccurate, outdated or unnecessary personal data that we store corrected or supplemented by us. You can also update your personal information by contacting us according to the contact information mentioned above.
The right to demand deletion of information
You have the right to demand the deletion of personal data. We will carry out the measures according to your request, if we do not have a legitimate reason not to delete the information. Such legitimate reasons can be based on applicable legislation, for example.
The right to object and the right to restrict processing
Regardless of any prior consent given for direct marketing purposes, you have the right at any time to prohibit us from using your personal data for direct marketing, market research and profiling by contacting us in accordance with the above contact information. You can prevent us from sending you direct marketing by using the unsubscribe option provided with all direct marketing messages. If you have additional questions regarding the direct marketing you receive from us, please contact us using the contact information mentioned above.
In addition, in certain special situations, you have the right to object to the processing of your personal data if the basis is a personal special situation.
The right to transfer data from one system to another
You have the right to receive your personal data from us in a structured and commonly used format and to independently transfer the data to a third party.
Exercising the said rights
The above-mentioned rights can be exercised by sending us a letter or an email to the above-mentioned addresses. The letter or email must contain the following information about you: name, address, phone number and a copy of a valid ID. In order to prove your identity, we may ask you to provide additional information. We may reject requests that are unreasonably frequent, excessive, or clearly unfounded. If we process your data based on your consent, you can withdraw your consent at any time by notifying the above address.
9. Making a complaint
You have the right to file a complaint with the data protection commissioner if you feel that Blink's processing of personal data is in violation of data protection legislation.
10. Additional information
You can prevent the use of cookies in your browser or set your browser to warn you when cookies are attempted to be installed. For example, the following links provide information on changing cookie settings in the most popular browsers:
You can also for example take a comprehensive look at the EU's data protection reform from the following link: https://commission.europa.eu/law/law-topic/data-protection/reform_en